With the “Electronic Signatures in Global and National Commerce Act” of 2000, the U.S. Congress gave digital signatures the same legal validity as an ink signature on a piece of paper. Now, the sender of an email message, word processing document, or any other type of electronic record that can be construed as a written contract can be legally bound to that record if the recipient can prove that the sender authenticated the record.
Electronic records that are signed with digital signatures can be proved, to a very high level of certainty, to be authenticated by the person who caused the digital signature to be applied to the record. The digital signature can only be applied with a private key, which is an incredibly large number that uniquely corresponds to another incredibly large number, called a public key. The private key, as its name implies, is kept a strict secret by the person who uses it to sign his or her digital signature. Strong cryptographic software ensures that it is “computationally infeasible” (i.e., very difficult, even with very fast computers) to derive the private key from the public key. When a person signs an electronic record with their private key, a digital signature code is produced that anyone can verify against the public key, which is publicly accessible. The slightest change in a document so signed will cause the digital signature to no longer match the document.
The cryptography used in digital signatures is very strong and nearly impossible to tamper with, at least with current technology. But a very old problem remains that technology alone cannot entirely solve. That problem is trust.
The trust problem in digital signatures can be summarized as follows: How do you know that the public key really belongs to the person who says it belongs to him or her? Anyone can create a public key and call it someone else's, then use the corresponding private key to create forged electronic records. The 1998 edition of The Global Trust Register, a printed directory of public keys published by a group of cryptography experts, states the problem as follows: “[T]here is no cheap and effective way for Internet users to check the validity of public keys on which they may wish to rely.”
The experts who wrote The Global Trust Register made that statement in spite of the many efforts by Certification Authorities (CAs) to deploy a “hierarchical trust” model, where trusted third parties check out the identity of persons who own private/public key pairs. A CA such as VeriSign, Entrust, or Thawte will add its digital signature to a public key if the public key is tied to the name of a person who physically appears with proper documentation to prove their identity. Recipients of documents signed with the certified public key are then expected to trust that the CA has done its job and that the public key really came from the person whose name is tied to it.
But what happens when one of the many employees at the CA doesn't do his or her job properly? Who is liable for the recipient's reliance on a forged document promising delivery of 10,000 widgets for $1,000,000 when the sender has pocketed the money and run, completely anonymously due to the faceless nature of the Internet? The recipient cannot sue the sender if the recipient doesn't know the sender really was. The recipient's only course of action is to sue the CA for not doing its job. CAs try to avoid liability with disclaimer language in their Certification Practice Statements.
What about tort claims against the CA? Here's what the text Certification Authority Liability Analysis has to say about that: “A CA's liability for tort claims based on negligence may be limited by the so-called ‘economic loss doctrine.’ The economic loss doctrine provides that claims for purely economic losses based on product defects are not recoverable in tort. The rule holds simply that tort liability does not arise for pure economic loss, but only for personal injury or property damage. The principles behind this rule are that protecting personal injury and property damage claims are more important social policies than pure economic (business) losses, and that economic losses are better protected by negotiated contract allocations rather than through generalized tort law” (Certification Authority Liability Analysis Section 1.1, American Banker's Association, 1998).
In addition to the problems with “hierarchical trust” that should now be apparent, reliance on the Certification Authority as a trusted third party requires the CA to have an established reputation and to keep its digital house in order for a long time. It doesn't do much good to have a “trusted” third party certifying a digital signature if that third party disappears, loses data, or is found out to have some serious security breach in its infrastructure.
In view of these problems, a system is needed that will translate the direct trust from signer to recipient that self-authenticating ink signatures now provide into the realm of digital signatures. The solution, applicant has discovered, is combining technology with the trusted authentication that ink signatures and signature witnesses have established over hundreds of years of history.
Another need addressed by the inventions is for a system of destroying electronic communications or records when the sender and recipient of the communications agree to do so. In private confidential conversation, two people can have a conversation without leaving any record of their conversation. With written or electronic communications, however, there is some record of what was said. That record can be difficult to eliminate. While paper communications such as letters can be shredded if both sender and recipient agree that they will destroy their copies, electronic communications (e-mail) are more difficult to eliminate because backup copies can be made and automatically archived onto other locations. It is sometimes surprising that backup copies are available during discovery of communications that would be embarrassing.
Another need addressed by the inventions is dispensing with the need for the modulus in the multiplicative group xy modulo p to be fixed with respect to the order of the input and output set. The IDEA cipher uses a multiplicative group modulo p=216+1 (which is prime) along with two other group operations to encrypt binary data in the set of 16-bit integers, but very few known moduli have the desirable property of being exactly one greater than a power of two. The result is an undesirable lack of scalability.
Other needs addressed by the inventions of this application include providing a simple, intuitive way of authenticating an electronic record, making digital signatures unobtrusive, and increasing intractability to an attacker without creating any noticeable inconvenience for a legitimate user.